4. Debugging Guest Code¶

It is possible to attach GDB to any running instance of S2E. S2E relies on the QEMU GDB interface, which can be enabled with the -s command line option. This option creates a socket on port number 1234.

$ ./i386-s2e-softmmu/qemu  -s2e-config-file config.lua -s

Once the guest is launched and the program is running, attach GDB to it.

$ gdb /path/to/my/prog
(gdb) target remote localhost:1234
#use gdb as usual (set breakpoints, source directories, single-step, etc.).

4.1. Remarks¶

GDB can only manipulate the current path. Use the DFS search strategy to have a coherent debugging experience.
GDB cannot inspect symbolic variables. If you attempt to display a symbolic variable, S2E will concretize it.
You can also debug kernel-mode code.

4.2. Useful tips¶

At any point, if you feel that symbolic execution got stuck, attach GDB to the running S2E instance to check what code is being executed.

Table Of Contents

4. Debugging Guest Code
- 4.1. Remarks
- 4.2. Useful tips

Previous topic

3. Parallel S2E

Next topic

1. Fork Profiler

This Page